# Author: sud0nick
# Date: Apr 2016
from subprocess import call
import os
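class ConfigHelper:
    """Inspect and rewrite the SSL settings of one nginx server block.

    The whole of nginx.conf is read into memory when the object is built.
    The target server block is found with a substring heuristic (see
    getServerBlockIndex); the add/replace/remove methods rewrite the file
    in place and then reload nginx through its init script.
    """

    # Characters accepted in a certificate/key base name.  The name is
    # concatenated into nginx directives, so anything that could end the
    # directive (";", whitespace, braces, quotes) or leave the SSL directory
    # ("/") is refused instead of being written to the config.
    _SAFE_NAME_CHARS = frozenset(
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789._-"
    )

    def __init__(self, sslDir="/etc/nginx/ssl/"):
        """Load nginx.conf and cache the server block index and cert names.

        sslDir is the directory checkSSLCertsExist looks in.
        """
        self.nginxConf = "/etc/nginx/nginx.conf"
        # Close the handle deterministically instead of leaking it.
        with open(self.nginxConf) as conf:
            self.lines = conf.readlines()
        self.ssl_dir = sslDir
        self.serverBlockIndex = self.getServerBlockIndex()
        self.currentSSLCerts = self.getCurrentSSLCerts()

    def _hasServerBlock(self):
        """Return True when getServerBlockIndex found a line.

        The identity test matters: the "not found" value False compares
        equal to index 0, so "== " / ">" checks cannot tell them apart.
        """
        return self.serverBlockIndex is not False

    def _isSafeKeyName(self, name):
        """Return True when name is non-empty and only uses allowed chars."""
        return bool(name) and all(ch in self._SAFE_NAME_CHARS for ch in name)

    def _writeConfig(self, newLines):
        """Write newLines to nginx.conf, resync cached state, reload nginx."""
        # NOTE(review): mode "w" truncates the live config before writing, so
        # a failure part-way through leaves a partial file on disk.
        with open(self.nginxConf, "w") as out:
            out.writelines(newLines)
        # Keep the in-memory view consistent with what is now on disk.
        self.lines = newLines
        self.currentSSLCerts = self.getCurrentSSLCerts()
        # Reload only after the file has been closed (and so flushed).
        call(["/etc/init.d/nginx", "reload"])

    def checkSSLCertsExist(self):
        """Return True if ssl_dir holds a ".key" and a ".cer" file name.

        The match is a substring test on each directory entry, and it does
        not check that the two files belong to the same key pair.  Returns
        False when ssl_dir is not a directory.
        """
        required = (".key", ".cer")
        if not os.path.isdir(self.ssl_dir):
            return False
        names = os.listdir(self.ssl_dir)
        # Evaluate each extension independently; the list being checked is
        # never mutated while it is iterated.
        return all(any(ext in name for name in names) for ext in required)

    def getCurrentSSLCerts(self):
        """Return the file names on ssl_certificate* lines after the block start.

        "ssl_certificate" also matches "ssl_certificate_key", so both the
        certificate and the key file name are collected, in file order.
        """
        certs = []
        for line in self.lines[self.serverBlockIndex:]:
            if "ssl_certificate" in line:
                # Keep what follows the last "/" and drop the trailing ";\n".
                certs.append(line[line.rfind("/") + 1:].strip(";\n"))
        return certs

    def getServerBlockIndex(self):
        """Return the index of the first "listen" line not mentioning 80 or 443.

        This is a substring heuristic: any line containing "80" or "443"
        anywhere is skipped.  Returns False when no line qualifies; note that
        False compares equal to 0, so callers must test it with "is False".
        """
        for index, line in enumerate(self.lines):
            if "listen" in line and not ("80" in line or "443" in line):
                return index
        return False

    def checkSSLConfigStatus(self):
        """Return True if a line at or after the block start has "1471 ssl;"."""
        return any("1471 ssl;" in line
                   for line in self.lines[self.serverBlockIndex:])

    def addSSLConfig(self, keyName):
        """Enable SSL on the port 1471 listener using keyName.cer / keyName.key.

        Returns True if SSL was already configured or has just been written.
        Returns False, leaving nginx.conf untouched, when no server block was
        located or when keyName contains characters outside the allowed set.
        """
        # Check if SSL has already been configured for port 1471
        if self.checkSSLConfigStatus():
            return True

        # Without this guard a "not found" index (False == 0) would make the
        # loop below overwrite the first line of nginx.conf.
        if not self._hasServerBlock():
            return False

        # keyName ends up inside nginx directives; refuse anything that could
        # alter the configuration beyond naming a file.
        if not self._isSafeKeyName(keyName):
            return False

        cert = keyName + ".cer"
        key = keyName + ".key"

        # NOTE(review): the paths below use the literal /etc/nginx/ssl/
        # prefix rather than self.ssl_dir -- confirm whether a custom sslDir
        # is meant to be honoured here.
        newLines = []
        for index, line in enumerate(self.lines):
            if index == self.serverBlockIndex:
                line = "\t\tlisten\t1471 ssl;\n"
            newLines.append(line)
            if index > self.serverBlockIndex and "root /pineapple/;" in line:
                newLines.append("\t\tssl_certificate /etc/nginx/ssl/" + cert + ";\n")
                newLines.append("\t\tssl_certificate_key /etc/nginx/ssl/" + key + ";\n")
                # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2
                # is offered.  NOTE(review): confirm the installed
                # nginx/OpenSSL build and the expected clients support it.
                newLines.append("\t\tssl_protocols TLSv1.2;\n")

        self._writeConfig(newLines)
        return True

    def replaceSSLConfig(self, newKey):
        """Point the existing ssl_certificate* lines at newKey.cer / newKey.key.

        Returns False without touching the file when newKey contains
        characters outside the allowed set; otherwise returns None as before.
        Raises IndexError when no certificate is currently configured.
        """
        if not self._isSafeKeyName(newKey):
            return False

        cert = newKey + ".cer"
        key = newKey + ".key"
        # Split on the last dot only, so a base name that itself contains
        # dots (e.g. "my.site.cer") is recovered in full.
        currentKey = self.currentSSLCerts[0].rsplit(".", 1)[0]
        oldCert = currentKey + ".cer"
        oldKey = currentKey + ".key"

        newLines = []
        for index, line in enumerate(self.lines):
            if index > self.serverBlockIndex:
                if oldCert in line:
                    line = "\t\tssl_certificate /etc/nginx/ssl/" + cert + ";\n"
                # elif: a freshly written certificate line must not be
                # re-examined and turned into a key line.
                elif oldKey in line:
                    line = "\t\tssl_certificate_key /etc/nginx/ssl/" + key + ";\n"
            newLines.append(line)

        self._writeConfig(newLines)

    def removeSSLConfig(self):
        """Switch the listener back to plain port 1471 and drop SSL directives.

        Every line after the block start that contains "ssl_certificate" or
        "ssl_protocols" is removed, including any in later server blocks.
        Returns False without touching the file when no server block was
        located; otherwise returns None as before.
        """
        # Same guard as addSSLConfig: False == 0 would clobber line 0.
        if not self._hasServerBlock():
            return False

        newLines = []
        for index, line in enumerate(self.lines):
            if index == self.serverBlockIndex:
                line = "\t\tlisten\t1471;\n"
            elif index > self.serverBlockIndex and (
                    "ssl_certificate" in line or "ssl_protocols" in line):
                continue
            newLines.append(line)

        self._writeConfig(newLines)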